UserPlugin.php 9.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-License-Identifier: AGPL-3.0-or-later
  5. */
  6. namespace OC\Collaboration\Collaborators;
  7. use OC\KnownUser\KnownUserService;
  8. use OCP\Collaboration\Collaborators\ISearchPlugin;
  9. use OCP\Collaboration\Collaborators\ISearchResult;
  10. use OCP\Collaboration\Collaborators\SearchResultType;
  11. use OCP\IConfig;
  12. use OCP\IGroupManager;
  13. use OCP\IUser;
  14. use OCP\IUserManager;
  15. use OCP\IUserSession;
  16. use OCP\Share\IShare;
  17. use OCP\UserStatus\IManager as IUserStatusManager;
  18. class UserPlugin implements ISearchPlugin {
  19. protected bool $shareWithGroupOnly;
  20. protected bool $shareeEnumeration;
  21. protected bool $shareeEnumerationInGroupOnly;
  22. protected bool $shareeEnumerationPhone;
  23. protected bool $shareeEnumerationFullMatch;
  24. protected bool $shareeEnumerationFullMatchUserId;
  25. protected bool $shareeEnumerationFullMatchEmail;
  26. protected bool $shareeEnumerationFullMatchIgnoreSecondDisplayName;
  27. public function __construct(
  28. private IConfig $config,
  29. private IUserManager $userManager,
  30. private IGroupManager $groupManager,
  31. private IUserSession $userSession,
  32. private KnownUserService $knownUserService,
  33. private IUserStatusManager $userStatusManager,
  34. private mixed $shareWithGroupOnlyExcludeGroupsList = [],
  35. ) {
  36. $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
  37. $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
  38. $this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
  39. $this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
  40. $this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
  41. $this->shareeEnumerationFullMatchUserId = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes') === 'yes';
  42. $this->shareeEnumerationFullMatchEmail = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes';
  43. $this->shareeEnumerationFullMatchIgnoreSecondDisplayName = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes';
  44. if ($this->shareWithGroupOnly) {
  45. $this->shareWithGroupOnlyExcludeGroupsList = json_decode($this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', ''), true) ?? [];
  46. }
  47. }
  48. public function search($search, $limit, $offset, ISearchResult $searchResult): bool {
  49. $result = ['wide' => [], 'exact' => []];
  50. $users = [];
  51. $hasMoreResults = false;
  52. $currentUserId = $this->userSession->getUser()->getUID();
  53. $currentUserGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
  54. // ShareWithGroupOnly filtering
  55. $currentUserGroups = array_diff($currentUserGroups, $this->shareWithGroupOnlyExcludeGroupsList);
  56. if ($this->shareWithGroupOnly || $this->shareeEnumerationInGroupOnly) {
  57. // Search in all the groups this user is part of
  58. foreach ($currentUserGroups as $userGroupId) {
  59. $usersInGroup = $this->groupManager->displayNamesInGroup($userGroupId, $search, $limit, $offset);
  60. foreach ($usersInGroup as $userId => $displayName) {
  61. $userId = (string)$userId;
  62. $user = $this->userManager->get($userId);
  63. if (!$user->isEnabled()) {
  64. // Ignore disabled users
  65. continue;
  66. }
  67. $users[$userId] = $user;
  68. }
  69. if (count($usersInGroup) >= $limit) {
  70. $hasMoreResults = true;
  71. }
  72. }
  73. if (!$this->shareWithGroupOnly && $this->shareeEnumerationPhone) {
  74. $usersTmp = $this->userManager->searchKnownUsersByDisplayName($currentUserId, $search, $limit, $offset);
  75. if (!empty($usersTmp)) {
  76. foreach ($usersTmp as $user) {
  77. if ($user->isEnabled()) { // Don't keep deactivated users
  78. $users[$user->getUID()] = $user;
  79. }
  80. }
  81. uasort($users, function ($a, $b) {
  82. /**
  83. * @var \OC\User\User $a
  84. * @var \OC\User\User $b
  85. */
  86. return strcasecmp($a->getDisplayName(), $b->getDisplayName());
  87. });
  88. }
  89. }
  90. } else {
  91. // Search in all users
  92. if ($this->shareeEnumerationPhone) {
  93. $usersTmp = $this->userManager->searchKnownUsersByDisplayName($currentUserId, $search, $limit, $offset);
  94. } else {
  95. $usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
  96. }
  97. foreach ($usersTmp as $user) {
  98. if ($user->isEnabled()) { // Don't keep deactivated users
  99. $users[$user->getUID()] = $user;
  100. }
  101. }
  102. }
  103. $this->takeOutCurrentUser($users);
  104. if (!$this->shareeEnumeration || count($users) < $limit) {
  105. $hasMoreResults = true;
  106. }
  107. $foundUserById = false;
  108. $lowerSearch = strtolower($search);
  109. $userStatuses = $this->userStatusManager->getUserStatuses(array_keys($users));
  110. foreach ($users as $uid => $user) {
  111. $userDisplayName = $user->getDisplayName();
  112. $userEmail = $user->getSystemEMailAddress();
  113. $uid = (string)$uid;
  114. $status = [];
  115. if (array_key_exists($uid, $userStatuses)) {
  116. $userStatus = $userStatuses[$uid];
  117. $status = [
  118. 'status' => $userStatus->getStatus(),
  119. 'message' => $userStatus->getMessage(),
  120. 'icon' => $userStatus->getIcon(),
  121. 'clearAt' => $userStatus->getClearAt()
  122. ? (int)$userStatus->getClearAt()->format('U')
  123. : null,
  124. ];
  125. }
  126. if (
  127. $this->shareeEnumerationFullMatch &&
  128. $lowerSearch !== '' && (strtolower($uid) === $lowerSearch ||
  129. strtolower($userDisplayName) === $lowerSearch ||
  130. ($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch) ||
  131. ($this->shareeEnumerationFullMatchEmail && strtolower($userEmail ?? '') === $lowerSearch))
  132. ) {
  133. if (strtolower($uid) === $lowerSearch) {
  134. $foundUserById = true;
  135. }
  136. $result['exact'][] = [
  137. 'label' => $userDisplayName,
  138. 'subline' => $status['message'] ?? '',
  139. 'icon' => 'icon-user',
  140. 'value' => [
  141. 'shareType' => IShare::TYPE_USER,
  142. 'shareWith' => $uid,
  143. ],
  144. 'shareWithDisplayNameUnique' => !empty($userEmail) ? $userEmail : $uid,
  145. 'status' => $status,
  146. ];
  147. } else {
  148. $addToWideResults = false;
  149. if ($this->shareeEnumeration &&
  150. !($this->shareeEnumerationInGroupOnly || $this->shareeEnumerationPhone)) {
  151. $addToWideResults = true;
  152. }
  153. if ($this->shareeEnumerationPhone && $this->knownUserService->isKnownToUser($currentUserId, $user->getUID())) {
  154. $addToWideResults = true;
  155. }
  156. if (!$addToWideResults && $this->shareeEnumerationInGroupOnly) {
  157. $commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
  158. if (!empty($commonGroups)) {
  159. $addToWideResults = true;
  160. }
  161. }
  162. if ($addToWideResults) {
  163. $result['wide'][] = [
  164. 'label' => $userDisplayName,
  165. 'subline' => $status['message'] ?? '',
  166. 'icon' => 'icon-user',
  167. 'value' => [
  168. 'shareType' => IShare::TYPE_USER,
  169. 'shareWith' => $uid,
  170. ],
  171. 'shareWithDisplayNameUnique' => !empty($userEmail) ? $userEmail : $uid,
  172. 'status' => $status,
  173. ];
  174. }
  175. }
  176. }
  177. if ($this->shareeEnumerationFullMatch && $this->shareeEnumerationFullMatchUserId && $offset === 0 && !$foundUserById) {
  178. // On page one we try if the search result has a direct hit on the
  179. // user id and if so, we add that to the exact match list
  180. $user = $this->userManager->get($search);
  181. if ($user instanceof IUser) {
  182. $addUser = true;
  183. if ($this->shareWithGroupOnly) {
  184. // Only add, if we have a common group
  185. $commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
  186. $addUser = !empty($commonGroups);
  187. }
  188. if ($addUser) {
  189. $status = [];
  190. $uid = $user->getUID();
  191. $userEmail = $user->getSystemEMailAddress();
  192. if (array_key_exists($user->getUID(), $userStatuses)) {
  193. $userStatus = $userStatuses[$user->getUID()];
  194. $status = [
  195. 'status' => $userStatus->getStatus(),
  196. 'message' => $userStatus->getMessage(),
  197. 'icon' => $userStatus->getIcon(),
  198. 'clearAt' => $userStatus->getClearAt()
  199. ? (int)$userStatus->getClearAt()->format('U')
  200. : null,
  201. ];
  202. }
  203. $result['exact'][] = [
  204. 'label' => $user->getDisplayName(),
  205. 'icon' => 'icon-user',
  206. 'subline' => $status['message'] ?? '',
  207. 'value' => [
  208. 'shareType' => IShare::TYPE_USER,
  209. 'shareWith' => $user->getUID(),
  210. ],
  211. 'shareWithDisplayNameUnique' => $userEmail !== null && $userEmail !== '' ? $userEmail : $uid,
  212. 'status' => $status,
  213. ];
  214. }
  215. }
  216. }
  217. $type = new SearchResultType('users');
  218. $searchResult->addResultSet($type, $result['wide'], $result['exact']);
  219. if (count($result['exact'])) {
  220. $searchResult->markExactIdMatch($type);
  221. }
  222. return $hasMoreResults;
  223. }
  224. public function takeOutCurrentUser(array &$users): void {
  225. $currentUser = $this->userSession->getUser();
  226. if (!is_null($currentUser)) {
  227. if (isset($users[$currentUser->getUID()])) {
  228. unset($users[$currentUser->getUID()]);
  229. }
  230. }
  231. }
  232. }